Often, users disable cookies in their browsers. In this case, ColdFusion cannot maintain the client state automatically. You can use client or session variables without using cookies, by passing the client identification information between application pages. However, this technique has significant limitations, as follows:
To use ColdFusion session variables without using cookies, each page must pass the CFID and CFToken values to any page that it calls as part of the request URL. If a page contains any HTML href a= links, cflocation tags, form tags, or cfform tags the tags must pass the CFID and CFToken values in the tag URL. To use J2EE session management, you must pass the jsessionid value in page requests. To use ColdFusion client variables and J2EE session variables, you must pass the CFID, CFToken, and jsessionid values in URLs.
ColdFusion provides the URLSessionFormat function, which does the following:
The URLSessionFormat function automatically determines which identifiers are required, and sends only the required information. It also provides a more secure and robust method for supporting client identification than manually encoding the information in each URL, because it only sends the information that is required, when it is required, and it is easier to code.
To use the URLSessionFormat function, enclose the request URL in the function. For example, the following cfform tag posts a request to another page and sends the client identification, if required:
<cfform method="Post" action="#URLSessionFormat("MyActionPage.cfm")#>
<cfset myEncodedURL=URLSessionFormat(MyActionPage.cfm)> <cfform method="Post" action="#myEncodedURL#">